HIPAA

Health Insurance Portability and Accountability Act of 1996

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that mandates national standards in the health care industry to improve efficiency and effectiveness of the health care system. HIPAA’s (Title II) administrative-simplification provisions require the establishment of national standards for how health plans handle:

Privacy of protected health information (PHI)

The Health Insurance Portability and Accountability Act (HIPAA) privacy rule creates national standards to protect individuals’ medical records and PHI. HIPAA mandates that health plans and providers adopt additional, specific policies and procedures for securing the privacy of patients’ PHI, and notify patients about their privacy rights, including how their PHI can be used.

In accordance with the rule, Tufts Health Plan has implemented the required privacy procedures and trained all Tufts Health Plan employees on the procedures.

Tufts Health Plan's Notice of Privacy explains to members how medical information may be used and disclosed and how they can get access to this information.

Security of protected health information (PHI)

HIPAA’s security standards rule mandates national standards for how an organization such as a health plan handles and stores PHI. HIPAA dictates that Tufts Health Plan take the following actions to secure PHI:

Physical safeguards to guard data integrity, confidentiality, and availability — to ensure the protection of computer systems and related physical structures in which these systems are housed from fire, other natural and environmental hazards, and intrusion. These safeguards also include using locks, keys, and administrative measures to control access to computer systems and facilities.

Technical security mechanisms to guard against unauthorized access to data that is transmitted over a communications network — to protect health information electronically transmitted over open networks against interception or interpretation by parties other than the intended recipient. These mechanisms are also intended to protect information systems from intruders who attempt to gain access through external communication points.

Administrative procedures to guard data integrity, confidentiality, and availability — to provide structure within the organization for the development and implementation of the information security program.

Electronic transmission of health care data

HIPAA mandates standards for the electronic exchange of health care data to replace and streamline the many diverse data contents and formats used today. The use of these standards will increase the efficiency and effectiveness of the health care industry as a whole.

Tufts Health Plan is a participating payer with New England Healthcare EDI Network (NEHEN). Tufts Health Plan providers who are also members of NEHEN can perform HIPAA-compliant eligibility, claim status, and authorization request and response transactions either via their organization’s intranet, or through an integrated system.

To take advantage of the convenient, HIPAA-compliant NEHEN features, including batch transactions, you must be a member of NEHEN and have the appropriate software installed.

What is NEHEN?

NEHEN is a consortium of leading health care payers and providers in the New England area using electronic commerce to reduce administrative costs and satisfy federal HIPAA requirements.

Already a member of NEHEN?

If you are currently a NEHEN member and would like to submit batch claims transactions to us, please contact us at888-257-1985, or e-mail us.

Want to join NEHEN?

For information on how to join NEHEN, please visit www.nehen.net, or call 781-290-1300.